GMS-2023-578: keycloak-connect contains Open redirect vulnerability in the Node.js adapter
There is an open redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with the query parameter prompt=none.